OK so I have used VPE to send users to a redirect ending when "GetLaunchStatus" is seen in the URI (the logic being that this URI should only be send after authentication has taken place so if it is seen before then the user needs to re-authenticate). I can see from a wireshark trace that the 302 redirect is sent (the URI actually being the /my.policy logon page as expected). The client then tries a GET for /my.policy and a HTTP 200 with the logon page is returned. But in the web browser I still see the old StoreFront page. Somehow I need to break the browser out of the StoreFront page.